Kerberos
The latest Kerberos coverage — news, analysis, and updates from the WindowsNews.AI desk.
Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now
Microsoft has released a security update to plug a critical elevation-of-privilege hole in the Windows NEGOEX authentication mechanism. Tracked as CVE-2025-54895, the flaw stems from an integer...
Rockwell Patches Critical SSRF Flaw in ThinManager That Exposes NTLM Hashes to Attackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reissued a high-severity advisory on September 9, 2025, for a server-side request forgery (SSRF) vulnerability in Rockwell...
SMB Signing Defaults, AES-256 Encryption Arrive as Microsoft Retires CIFS
Microsoft has flipped the switch on mandatory SMB signing for all outbound connections, a quiet but decisive blow against the 30-year-old CIFS dialect that still haunts enterprise networks. Windows...
Kerberos CVE-2025-26647 Hardening Causes Authentication Chaos: The Full Story of Audit-to-Enforce and NTAuth Requirements
Microsoft’s April 2025 security updates introduced mandatory Kerberos protections for CVE-2025-26647, but the enforcement phase triggered a cascade of authentication failures across enterprise...
Windows 11 24H2 NTLMv1 SSO Block Enforces in 2026—Audit Now
Microsoft will flip a default switch in October 2026 that blocks single sign-on requests relying on NTLMv1-derived cryptography in Windows 11 24H2 and Windows Server 2025. The change is gated by a...
Microsoft Drops Kerberos Compatibility Workarounds September 10: What You Must Do
On September 10, 2025, Microsoft will flip a permanent switch in Windows domain controllers: the temporary registry settings that have allowed weak certificate-to-user mappings will stop working, and...
Last Call for Certificate Compatibility: Microsoft Mandates Strong Mappings on Windows DCs Sept 10
Microsoft will permanently disable the compatibility mode for certificate-to-account mappings on Windows domain controllers on September 10, 2025, forcing organizations still relying on weak...
CERT-In Warns: Patch Windows and Cloud Now as Microsoft Fixes 111 Vulnerabilities, Including Kerberos Zero-Day
India's Computer Emergency Response Team (CERT-In) has issued a high-severity advisory urging organizations and home users to apply Microsoft's latest security updates immediately. The warning...
Windows Server Security: BeyondTrust's 10-Year Report Uncovers Recurring RCE and EoP Threats
A decade of Microsoft security bulletins reveals a stubborn truth: the same handful of vulnerability classes keep hammering Windows Server environments, and defenders who ignore these patterns do so...
Patch Domain Controllers Now: Microsoft's August Updates Fix Kerberos Zero-Day, Hybrid Exchange Flaws, and 107 Bugs
Microsoft's August 2025 Patch Tuesday landed with an unusual bang, delivering fixes for 107 vulnerabilities, including a publicly disclosed Kerberos zero-day that can hand attackers the keys to an...
Microsoft’s August Patches Slam Shut 107+ Holes, Including Public Kerberos Flaw and Critical GDI+ RCE
On August 12, 2025, Microsoft’s monthly Patch Tuesday arrived with a payload heavy enough to keep IT admins working through the night. The security slate covers at least 107 distinct...
CISA Emergency Directive Targets Exchange Hybrid Flaw in August Patch Tuesday Deluge
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive late Tuesday, ordering federal agencies to secure on-premises Exchange servers within hours after a newly...